Disable plugin update notification for a specific plugin in WordPress 3.1

Just  quick sniplet of code to drop into a plugin file to disable plugin update notifications.

The reason i’ve written this is a plugin which has been heavily modified has a update, and, wanted to stop hearing about it; Sure, I could’ve just changed the name, but this felt more Politically Correct (and isn’t that what we’re all supposed to do!?)

So, The code:

add_filter('site_transient_update_plugins', 'dd_remove_update_nag');
function dd_remove_update_nag($value) {
 unset($value->response[ plugin_basename(__FILE__) ]);
 return $value;
}

Have fun, and happy Hacking!

Numbers… Plugins.. WordPress.

So, I’ve tried to write this post a few times so far, and never fully finished it. So this post is a bit of a cobbled together quick post, to finally get it all out there.

First up, My WordPress Plugins.

Many of you who use my WordPress plugins will surely know they solved a single simple problem rather well. Many of you will however realise that they’re severely lacking in features, bugs, and keeping up with WordPress Core..

Quite simply, I’ve had little time to dedicate to my plugins, and for that fact, to anything WordPress related. And one very strong feeling is coming out of it, I want to work on WordPress and new experiments, but my old Plugins really do not take my fancy that much.

I’m coming up to close to 110k downloads of my plugins in total,  that must mean a large chunk of users have them installed still.. Thats a mighty lot of people to leave out in the cold if a security issue comes up..

So today, I’m calling for volunteer’s who I can add as Contributors to my Plugins (and any other project I’ve got going for that matter). The idea is simply, I dont have time, They’re Open Source, People use them, Surely there has to be someone else out there willing to put a few hours in every month to take care of them? Some Plugin Developers can afford the time to fix up plugins, I cant, I’d rather spend it on Core..

There are a few rules which I’ll be enforcing however:

  • You need to run it by me before you make a new Release of the plugin (that’ll be relaxed if you show you know what you’re doing, and I trust your judgement)
  • You need to retain the current naming, licence, and Commit-often strategy to the Plugin’s repo.
  • You need to respect the code and functionalities offered, as well as the users of the plugin, Upgrades to new versions MUST work nicely with users existing data, re-writing the plugin from scratch will not be taken nicely (But refactoring is fine, and there will be exceptions of course)
  • You MUST follow the WordPress coding standards
  • You cant just work on new features and ignore any present bugs, Sorry, but both need your attention.

If you’re feeling up to the task, Feel free to leave comments here, or contact me privately (wordpress@dd32.id.au) to discuss it. Recognising your name will be a plus, But please do include some kind of  reference (ie. “Plugins X, Y and Z are mine”, “I’ve submitted x patches to trac recently” etc, I need to know you can actually code with WordPress..)

A List of my recent/active plugins:

  1. Add From Server – 38,720 downloads
  2. Core Control – 8,263 downloads
  3. TwentyTen: No Max Editor Width – 327 downloads
  4. Revision Control – 41,683 downloads
  5. WP-Su – 62 downloads
  6. dDeviantart – 3,032 downloads – This is a good one, I dont know if there is something else out there now, But I know a lot of people would love a more recent version of this plugin!.

Next, WordPress Involvement

Over the last few months, Well, Since WordPress 3.0 was released really, I’ve not been involved in WordPress that much, The number of commits I’ve made in that time has been well  below what I’d have previously had even just patched and posted to trac.. I’m getting rusty.

Last night I changed that, Starting from now, I’m going to attempt to slide back into the groove of working on 3.1, starting with [15651] and [15652] as well as 12659.diff. Finally giving Hierarchical Taxonomies Hierarchical URL’s (That needs testing Btw!)

I’m only following the SVN Commits mailing list, and Trac tickets which I have personally commented on, So if you’ve got a ticket related to Upgrades, Filesystem, HTTP, Taxonomy, or something else I might be interested in, Please leave a comment pointing it out, If its up my alley, I’ll look at it, It’s going to take some time to go through the 2,000 open tickets on Trac.. I used to keep up with it by watching the WP-Trac mailing list, Every comment would come through my inbox, I cant do that right now, so this is the next best thing.

Numbers

So there we have it, 2 Important things to me, and a tonne of numbers

  1. 110k – Well, 107,498 exactly
  2. 3.0
  3. 3.1
  4. 15651, 15652, 12659
  5. 23. Today I’m 23 years old, And I’m sitting here getting rid of things that I should’ve done in the last year
  6. 5. 5 Numbers? :)
  7. 854MB/day remaining Internet Quota until next month, Telstra, I HATE YOU. Stop charging your wholesale clients more than you reail services for!
  8. 9. In 2 weeks, I’ll have been able to commit to WordPress for 9 months, I can’t remember my first patch, but, Will certainly find it shortly.. From memory, My first ticket was closed as invalid, and the second was wontfix..  A idiotic thought on the first, and a removed feature on the 2nd (PressIT if you’re wondering, It didn’t work well in Opera)

Well, Thats all Folks, I think I’ve typed enough for today, It’s probably more than my previous years worth of blog posts put together really.. Even though it barely catches up to 900 words, That just shows you how much I blog. I must change that someday too I guess :)

What version of WordPress is behind that website?

Hi all, Dion here, Recently there’s been a few “security through obscurity” discussions going around, I’m sick of them, It doesn’t work, and this is my proof.

There are a few Plugins out there which hide the version number of WordPress, The first example i found was  Secure WordPress, It has over 170k downloads, But does it actually do what it claims?

Hiding the version number is Security through obscurity, You’re not making the install any safer, you’re merely not advertising the fact of which version you’re using.

But, do i hear you ask, “But if they dont know the version, doesnt that mean I’m safer?”
The answer to that is 3 fold:

  1. Just because they (the mystical hackers) cant see the version of WordPress you’re using, doesnt mean they’re not going to try the same attacks anyway, afterall, its only an extra 3 mouseclicks to run every exploit against every plugin known to man..
  2. Most  exploits in the WordPress world will be related to plugins, this is only due to the sheer number of them out there
  3. And finally, because hiding the version number doesnt hide the version of WordPress you’re using, which is the point of this tool/site

To use an example, It’s like walking through a battlefield with your gun hidden, just because they cant see your gun, doesn’t mean you’re going to be able to walk through the middle fo the battle, chances are, you’ll be shot anyway. Exploits are the same, they’ll attack anything that moves, the number of Joomla! or Drupal exploit attacks i see against my WordPress installs daily is enormous, & I’m sure Joomla! and Drupal installs see significant exploits thinking that the site is running WordPress. My point is, Exploits dont care, they’ll attack anyway.

Type the URL of a site below, be it advertising the fact its WordPress or not, and I’ll tell you instantly which version, or which version its most likely to be running:

Example sites:

PLEASE NOTE: This tool uses NOTHING PRIVATE, This is not connected to any WordPress.org infrastructure or otherwise secret data, All information that this tool uses is gleamed from your WordPress installation, just the same as anyone else can do.